Let's take a look at how we can configure TLS for our microservice using Vault.
The first thing we need to do is to create a mount point in Vault for our TLS certificates.
I spoke at an event in Oslo where Vesselin gave a talk about how honeypots could be used to automate network security by automatically updating Cloud Armor rules to block the attacker.
At the time I was giving a talk on Terraform and Vault, but as I watched Vesselin's talk I wanted to build a system that could automate firewall rules using Terraform.
Providing remote access to applications and systems requires secure routing to the destination and credentials to authenticate the user. Traditionally, you achieve this using a Virtual Private Network (VPN) or a Bastion server to bridge into the private network. Credentials are generally provided individually, created as part of a manual process, and with password rotation on a best-intention basis. This is problematic as access is usually too broad, difficult to audit, and complex to maintain.
```sh
#!/bin/sh -e
echo "[$(date +%T)] Deregister boundary worker"
# Read the worker id from the file written on startup
worker_id=$(cat ./worker_id)
# Base url for the HCP cluster
base_url="https://${cluster_id}.boundary.hashicorp.cloud/v1"
auth_url="${base_url}/auth-methods/${auth_method_id}:authenticate"
dereg_url="${base_url}/workers/${worker_id}"
```
```json
[
  {
    "title": "command + h/j/k/l/u/i to arrow keys and home end",
    "rules": [
      {
        "description": "Change Command + h/j/k/l to Arrows",
        "manipulators": [
          {
            "type": "basic",
            "from": {
```
```jsonc
// To view the default settings, hold "alt" while clicking on the "Settings" button.
// For documentation on these settings, see: https://aka.ms/terminal-documentation
{
  "$schema": "https://aka.ms/terminal-profiles-schema",
  "defaultProfile": "{2c4de342-38b7-51cf-b940-2309a097f518}",
  "profiles":
  [
```
# Consul connect and Nginx
## Example docker compose
```yaml
nginx:
  image: nginx:latest
  volumes:
    - ./docker-compose-nginx.conf:/etc/nginx/nginx.conf:ro
  ports:
    - "8181:80"
```
Implementing HTTP request parsing is problematic for Afterburner functions, and requires a full implementation of the HTTP RFC for each request to ensure compliance with the standard.
This proposal sets out an example of a simple text-based protocol which is language-agnostic, off-loading the parsing of the request to the watchdog rather than the function handler.
[HEADER required] \r\n [BODY optional] 0\r\n\r\n